<?php
include_once("admin_common.inc.php");
require_once(_INC_PATH.'database.php');
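// Collect request parameters into $arr_data, trimming surrounding whitespace.
// POST is copied first and GET second, so a query-string value replaces a
// posted value that has the same name.
// NOTE(review): because GET is merged in, anything this page reads from
// $arr_data (including login credentials) is also accepted from the URL,
// where it is recorded in access logs, browser history and Referer headers.
if (!isset($arr_data) || !is_array($arr_data)) {
	// Start from a defined array so later reads never hit an undefined variable.
	$arr_data = array();
}
foreach (array($_POST, $_GET) as $request_params) {
	if (!is_array($request_params)) {
		continue;
	}
	foreach ($request_params as $k => $val) {
		// A parameter sent as name[]=... arrives as an array. trim() cannot
		// handle that (warning and NULL on PHP 5/7, TypeError on PHP 8), so
		// such a value is stored as null without calling trim().
		$arr_data[$k] = is_array($val) ? null : trim($val);
	}
}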

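// Admin login handler. A request carrying cmd=login is checked against
// tbl_manager: on a match the manager row is stored in the session and the
// browser is redirected, otherwise the login form is rendered again with the
// error flag set. Any other request just renders the login form.
//
// NOTE(review): $arr_data is built from both POST and GET, so the password is
// also accepted from the query string. Consider reading the credentials from
// $_POST only and protecting the form with an anti-CSRF token.
// NOTE(review): no throttling or lockout of failed attempts is visible in this
// file; confirm it is enforced elsewhere.
if (isset($arr_data['cmd']) && $arr_data['cmd'] === "login") {
	// Missing fields become empty strings instead of raising undefined-index notices.
	$user_id = isset($arr_data['userId']) ? (string) $arr_data['userId'] : '';
	$password = isset($arr_data['password']) ? (string) $arr_data['password'] : '';

	$db = new database();
	// NOTE(review): mysql_escape_string() does not take the connection character
	// set into account and was removed together with ext/mysql in PHP 7.0. Move
	// both statements below to bound parameters (PDO or mysqli prepared
	// statements) once the database wrapper exposes them.
	// NOTE(review): passwords are matched as unsalted MD5, which is cheap to
	// brute-force if the table leaks. Plan a migration to password_hash() and
	// password_verify(), re-hashing each account on its next successful login.
	$sql = "SELECT * FROM `tbl_manager` WHERE status='0' AND user_id='".mysql_escape_string($user_id)."' and password='".mysql_escape_string(md5($password))."'";
	$data = $db->loadRow($sql);
	if ($data) {
		// Record the time of this successful login.
		$sql="UPDATE `tbl_manager` set login_time=CURRENT_TIMESTAMP 
			  WHERE user_id='".mysql_escape_string($user_id)."'";
		$db->query($sql);

		// Issue a fresh session id at the moment privileges change, so an id
		// that was set or observed before authentication cannot be reused
		// afterwards (session fixation).
		if (session_id() !== '') {
			session_regenerate_id(true);
		}

		// NOTE(review): the row comes from SELECT *, so the password hash column
		// is written into the session store as well; confirm nothing depends on
		// it and drop it from the stored data if not.
		$_SESSION['admin_login'] = $data;

		if ($data['grade'] > 1) {
			// Grades above 1 are sent to the first key listed for them in $permissionCfg.
			$sections = isset($permissionCfg[$data['grade']]) ? $permissionCfg[$data['grade']] : null;
			if (is_array($sections) || $sections instanceof Traversable) {
				foreach ($sections as $key => $value) {
					header("Location: /management/$key");
					exit;
				}
			}
			// NOTE(review): when nothing is configured for this grade the request
			// ends below with an empty response although the session is already
			// marked as logged in; confirm that is intended.
		} else {
			header("Location: /management/");
			exit;
		}
	} else {
		// Same generic error for an unknown user and a wrong password.
		$smarty->assign("error", 1);
		$smarty->display("management/admin_login.tpl");
	}
	exit;
}

$smarty->display("management/admin_login.tpl");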
?>